Change default RSA, DSA and DH size to 2048 bit

Fixes: #8737 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #8741 (cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e)
2025-05-10 08:29:40 +00:00 · 2019-04-13 12:32:48 +02:00 · 2019-04-13 12:32:48 +02:00 · 0f283c9a66
commit 0f283c9a66
parent cea83f9f78
5 changed files with 16 additions and 10 deletions
--- a/6
+++ b/6
@ -9,6 +9,12 @@

 Changes between 1.0.2r and 1.0.2s [xx XXX xxxx]

+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+     This changes the size when using the genpkey app when no size is given. It
+     fixes an omission in earlier changes that changed all RSA, DSA and DH
+     generation apps to use 2048 bits by default.
+     [Kurt Roeckx]
+
  *) Add FIPS support for Android Arm 64-bit

     Support for Android Arm 64-bit was added to the OpenSSL FIPS Object Module in
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@ -101,7 +101,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
    dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
    if (!dctx)
        return 0;
-    dctx->prime_len = 1024;
+    dctx->prime_len = 2048;
    dctx->subprime_len = -1;
    dctx->generator = 2;
    dctx->use_dsa = 0;
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@ -69,8 +69,8 @@

 typedef struct {
    /* Parameter gen parameters */
-    int nbits;                  /* size of p in bits (default: 1024) */
-    int qbits;                  /* size of q in bits (default: 160) */
+    int nbits;                  /* size of p in bits (default: 2048) */
+    int qbits;                  /* size of q in bits (default: 224) */
    const EVP_MD *pmd;          /* MD for parameter generation */
    /* Keygen callback info */
    int gentmp[2];
@ -84,8 +84,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
    dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
    if (!dctx)
        return 0;
-    dctx->nbits = 1024;
-    dctx->qbits = 160;
+    dctx->nbits = 2048;
+    dctx->qbits = 224;
    dctx->pmd = NULL;
    dctx->md = NULL;

--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@ -103,7 +103,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
    rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
    if (!rctx)
        return 0;
-    rctx->nbits = 1024;
+    rctx->nbits = 2048;
    rctx->pub_exp = NULL;
    rctx->pad_mode = RSA_PKCS1_PADDING;
    rctx->md = NULL;
--- a/doc/apps/genpkey.pod
+++ b/doc/apps/genpkey.pod
@ -111,7 +111,7 @@ below.

 =item B<rsa_keygen_bits:numbits>

-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.

 =item B<rsa_keygen_pubexp:value>

@ -149,12 +149,12 @@ below.

 =item B<dsa_paramgen_bits:numbits>

-The number of bits in the generated prime. If not specified 1024 is used.
+The number of bits in the generated prime. If not specified 2048 is used.

 =item B<dsa_paramgen_q_bits:numbits>

 The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
-specified 160 is used.
+specified 224 is used.

 =item B<dsa_paramgen_md:digest>

@ -173,7 +173,7 @@ or B<sha256> if it is 256.

 =item B<dh_paramgen_prime_len:numbits>

-The number of bits in the prime parameter B<p>. The default is 1024.
+The number of bits in the prime parameter B<p>. The default is 2048.

 =item B<dh_paramgen_subprime_len:numbits>